I’m trying to use Kubernetes generated (bound) service account tokens to authenticate my OAuth2 client against Keycloak.
However, Keycloak requires the token to have a jti, while the tokens generated by Kubernetes don’t have that.
Now, one can argue that it’s more secure to require a jti, but on the other hand it breaks some integration (jti is optional in the JWT spec).
Any chance of (conditionally) dropping this jti requirement?
Alternatives I have are creating my own custom token authenticator (which I want to prevent) or getting a fix in KS.
More info in https://github.com/keycloak/keycloak-community/issues/180
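As an added illustration (not part of the post above, and not Keycloak's or Kubernetes' own code) of what the jti requirement buys the receiving side: the script below decodes the claims of two constructed JWT-shaped tokens, one modelled on a Kubernetes bound service account token (no `jti`) and one modelled on a client assertion that carries a `jti`, and runs them through a small replay guard of the kind an authorization server keeps. A token with a `jti` can be rejected the second time it is presented within its lifetime; a token without one cannot be tracked at all, which is the trade-off the post describes. All token contents, issuer and audience values are constructed samples, and no signature is verified.

```python
import base64
import json
import time


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Compact JWS segments drop the '=' padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped string with an empty signature.
    Constructed sample for inspection only; a real token would be signed."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Return the payload claims. Does NOT verify the signature; inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def has_jti(claims: dict) -> bool:
    """True when the token carries a usable (non-empty string) jti claim."""
    jti = claims.get("jti")
    return isinstance(jti, str) and jti != ""


class ReplayGuard:
    """Remembers each accepted jti until its exp so a replayed assertion is refused."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so the behaviour is testable
        self._seen = {}          # jti -> exp (seconds since epoch)

    def accept(self, claims: dict) -> bool:
        now = self._now()
        # Forget entries whose tokens have expired; they can no longer be replayed.
        self._seen = {j: e for j, e in self._seen.items() if e > now}
        if not has_jti(claims):
            return False         # no identifier: replay cannot be detected, so refuse
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= now:
            return False         # missing or already-expired token
        jti = claims["jti"]
        if jti in self._seen:
            return False         # same assertion presented twice within its lifetime
        self._seen[jti] = exp
        return True


# Constructed sample: claim layout modelled on a Kubernetes bound SA token (no jti).
K8S_STYLE_TOKEN = make_unsigned_jwt({
    "iss": "https://kubernetes.default.svc.cluster.local",   # constructed value
    "aud": ["https://keycloak.example.invalid"],              # constructed value
    "sub": "system:serviceaccount:default:my-client",
    "iat": 1_700_000_000,
    "exp": 1_700_000_600,
    "kubernetes.io": {"namespace": "default",
                      "serviceaccount": {"name": "my-client"}},
})

# Constructed sample: claim layout modelled on a client assertion that does carry a jti.
ASSERTION_WITH_JTI = make_unsigned_jwt({
    "iss": "my-client",
    "sub": "my-client",
    "aud": "https://keycloak.example.invalid/realms/demo",  # constructed value
    "jti": "c2f1a0e4-constructed-sample-id",                 # constructed value
    "iat": 1_700_000_000,
    "exp": 1_700_000_600,
})


def demo() -> dict:
    """Run both tokens through a guard at a fixed clock; returns the outcomes."""
    guard = ReplayGuard(now=lambda: 1_700_000_000)
    with_jti = decode_claims(ASSERTION_WITH_JTI)
    return {
        "k8s_has_jti": has_jti(decode_claims(K8S_STYLE_TOKEN)),
        "assertion_first_use": guard.accept(with_jti),
        "assertion_replay": guard.accept(with_jti),
        "k8s_token": guard.accept(decode_claims(K8S_STYLE_TOKEN)),
    }


if __name__ == "__main__":
    print(demo())
```

Run it as a script to see the four outcomes; the point is the contrast between the assertion (first use accepted, second refused) and the Kubernetes-style token, which the guard cannot track because there is nothing to key on. An authorization server that conditionally drops the jti requirement is choosing to give up exactly this replay check for those tokens, relying on their short `exp` instead.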